Exchange Message Trace Reporting and e-Discovery

%3CLINGO-SUB%20id%3D%22lingo-sub-1760301%22%20slang%3D%22en-US%22%3EExchange%20Message%20Trace%20Reporting%20and%20e-Discovery%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1760301%22%20slang%3D%22en-US%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EGood%20Morning%20from%20the%20Pacific%20Northwest!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWill%20features%20to%20filter%20emails%20based%20on%20file%20attachments%20be%20available%20in%20Exchange%20Online%20and%20e-Discovery%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECurrently%2C%20if%20I%20were%20to%20do%20a%20message%20trace%20for%20all%20emails%20sent%20by%20person%20A%20to%20person%20B%20with%20with%20PDF%20files%2C%20that%20is%20not%20possible.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20also%20need%20to%20create%20reports%20of%20emails%20sent%20and%20received%20with%20specific%20files%20-%20i.e.%20Zip%20files%2C%20Docx%20files.%20There%20are%20no%20features%20in%20our%20M365%20E3%20environment%20that%20enable%20this.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EEmy%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1760301%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EExchange%20AMA%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1760540%22%20slang%3D%22en-US%22%3ERe%3A%20Exchange%20Message%20Trace%20Reporting%20and%20e-Discovery%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1760540%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F406979%22%20target%3D%22_blank%22%3E%40KevinShaughnessy%3C%2FA%3E%26nbsp%3BThank%20you.%20Is%20Threat%20Explorer%20part%20of%20the%20M365%20E3%20license%3F%20Queries%20for%20emails%20with%20specific%20file%20attachments%20is%20a%20basic%20search%20queries%20for%20email%20reporting.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1760517%22%20slang%3D%22en-US%22%3ERe%3A%20Exchange%20Message%20Trace%20Reporting%20and%20e-Discovery%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1760517%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F6110%22%20target%3D%22_blank%22%3E%40Emy%20Loanzon%3C%2FA%3E%26nbsp%3BThreat%20Explorer%20in%20the%20Security%20Center%26nbsp%3B%20allows%20you%20to%20search%20messages%20by%20file%20attachment%2C%20but%20as%20you%20know%20Message%20Trace%20does%20not.%20Whether%20or%20not%20to%20include%20a%20new%20capability%20in%20Message%20Trace%20is%20based%20on%20the%20scenario%3A%20If%20the%20scenario%20is%20more%20a%20security%20related%20investigation%20then%20it's%20a%20better%20candidate%20for%20Threat%20Explorer%3B%20if%20it's%20more%20about%20troubleshooting%20mail%20flow%20routing%20or%20delivery%20issues%20then%20it's%20a%20candidate%20for%20inclusion%20in%20Message%20Trace.%20Since%20all%20investigations%20that%20filter%20by%20attachment%20that%20we've%20heard%20about%20from%20customers%20are%20for%20security-related%20investigations%2C%20that%20capability%20landed%20in%20Threat%20Explorer.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Contributor

 

Good Morning from the Pacific Northwest!

 

Will features to filter emails based on file attachments be available in Exchange Online and e-Discovery?

 

Currently, if I were to do a message trace for all emails sent by person A to person B with with PDF files, that is not possible.

 

I also need to create reports of emails sent and received with specific files - i.e. Zip files, Docx files. There are no features in our M365 E3 environment that enable this. 

 

Thank you.

 

Emy 

5 Replies

@Emy Loanzon Threat Explorer in the Security Center  allows you to search messages by file attachment, but as you know Message Trace does not. Whether or not to include a new capability in Message Trace is based on the scenario: If the scenario is more a security related investigation then it's a better candidate for Threat Explorer; if it's more about troubleshooting mail flow routing or delivery issues then it's a candidate for inclusion in Message Trace. Since all investigations that filter by attachment that we've heard about from customers are for security-related investigations, that capability landed in Threat Explorer. 

@KevinShaughnessy Thank you. Is Threat Explorer part of the M365 E3 license? Queries for emails with specific file attachments is a basic search queries for email reporting.

@Emy Loanzon it's not included with E3, but with E5. It's available in ATP Plan 2 which comes with E5. https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/office-365-atp?view=o365...

 

Can you elaborate on a non-security/threat related scenario where you'd want to trace messages by attachment type or name, where the concern isn't primarily security/threat related? Thanks!

@KevinShaughnessy Thanks, Kevin. I am routinely asked to provide reports on how many emails with certain file types (excel, word, PDF files) were sent within the company - to encourage those employees to use OneDrive or SharePoint instead.  

 

For security reports, I have to provide how stats on emails that get compressed files from external sources. 

 

 

@Emy Loanzon Thanks so much for the additional info about those reports to encourage folks to use OneDrive or Sharepoint instead. Good to know! I'll share that info with my colleague who owns Message Trace UI / scenarios. Cheers!

www.000webhost.com